OAuth 2.0 Access

In the login prompt of Cyberduck you enter the x-goog-project-id for the username and enter the Authorization Code retrieved from the website where you grant Cyberduck acccess to your account.

You access the page with the authorization code from the link displayed in the login prompt. Click it to open it in a web browser window. You only need to get the authorization code from the website on the first login attempt. Subsequent OAuth authentications will use a refresh token retrieved from service.

Creating a bucket

When connecting the first time, you must first create a new bucket with File → New Folder... (⌘-N). You can choose the bucket location in Preferences (⌘-,) → S3 The following locations are supported:

US

EU - Europe

Bucket Access Logging

When this option is enabled in the Google Cloud Storage panel of the Info (File → Info (⌘-I)) window for a bucket or any file within, available log records for this bucket are periodically aggregated into log files and delivered to root in the target logging bucket specified. It is considered best practice to ​choose a logging target that is different from the origin bucket.

Analytics

After logging is configured, you can access statistics from your access logs using a service such as ​Qloudstat.

Folders

Creating a folder inside a bucket will create a placeholder object named after the directory, has no data content and the mimetype application/x-directory. Directory placeholder objects created in Google Storage Manager are ​not supported.

Files

Metadata

ACLs

Default ACLs

Buckets. New buckets created have a default pre-defined canned ACL set to public-read. You get FULL_CONTROL. All other users have READ access.

Granting access to selected users

You can give access to a specific user to a document by granting READ access to the email address registered with Google. The Authenticated URL from the ACL tab in the Info window with the format https://sandbox.google.com/storage/<container>/<file> will verify access to the resource using the Google Account login credentials.

The link will redirect to the file only after the user has successfully logged in to their Google Account and is listed in the ACL you have just edited.

Granting access to Google Apps domain

Google Apps customers can associate their email accounts with an Internet domain name. When you do this, each email account takes the form username@…. You can specify a scope by using any Internet domain name that is associated with a Google Apps account.

Granting access to members of Google Group

Every Google group has a unique email address that is associated with the group. For example, the Google Storage for Developers group has the following email address: gs-discussion@…. You can find the email address that is associated with a Google group by clicking About this group, which appears on the homepage of every Google group.

Permissions

The following permissions can be given to grantees:

Bucket

Files

READ

Allows grantee to list the files in the bucket

Allows grantee to download the file and its metadata

WRITE

Allows grantee to create, overwrite, and delete any file in the bucket

Not applicable

FULL_CONTROL

Allows grantee all permissions on the bucket

Allows grantee all permissions on the object

Website Configuration

To host a static website on Google Cloud Storage, It is possible to define a bucket as a Website Endpoint. The configuration in File → Info (⌘-I) → Distribution allows you to enable website configuration. Choose Website Configuration (HTTP) from Delivery Method and define an index document name that is searched for and returned when requests are made to the root or the subfolder in your bucket.

Website Configuration parameters will only affect requests directed to CNAME aliases of a bucket.

Index File

Simulates directory index behavior at both bucket and "directory" level. The file specified is served for requests to the website endpoint as the main page for the bucket and for requests to "directories" contained by the bucket.